19 matches found
Malicious code in mistral-workflows-plugins-mistralai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 012c4d9df9467f9847a67be15a746ea186f36d3310d278ca9409d531f5026e12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-4717 Malicious code in weavedb-console (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cb1233d729c7aefcbe9024196bb4af52f78854aa5ed7f46afb4fa9cd59918c1 package.json declares "preinstall": "./src/compiler/native", which auto-executes a 976 KB stripped Linux ELF binary on every npm install. The binary ...
MAL-2026-4458 Malicious code in @toni77777/aora (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8566221a9ab9a1cb01b0f23e2af4b140d2e97310701b8c9a8f4bed1481fb22b2 On npm install, scripts/postinstall.js fetches a platform-specific executable from https://github.com/yourusername/aora/releases/download/v0.1.0/,...
MAL-2026-4201 Malicious code in obs-migrate (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ecb04d891693e925c9055e0b5c5844ebb6cf8c210000e9905bf892ab7d0674d7 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in bytedtccc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3ffa89455e2b287319982cda83447a21535ba442b7532714ca2867a935712bcb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in gd-auth-sso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f23b8545f85df66640646272b028ab4db1032fcb4fd5bbd745971b3438cc4f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2170 Malicious code in fairness-bias (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c76439565a70fd014098388baf5dd9a679f90be992102ba689fc0b7d6d3db352 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in transform-regexp-constructors (npm)
The package 'transform-regexp-constructors' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in synapseml-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4ddf16f7a9941918ea74e21a3742e8f03d7b5c6f5720d7d031d2c69f8d6495c3 Installing the package starts encrypting the user's file and demanding ransom for the decryption. --- Category: MALICIOUS - The campaign has clearly malicious...
MAL-2026-1263 Malicious code in python-module-installer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61bfa181c5afb9e33e0d529138c813fc05d8130062182d9d1a5cb4ef9c8da0ea The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...
Malicious code in cicd-ppe-test (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c9f1bfe5b5514b9b3a1ffad43be1f06d22faf12f031d325a9e689340c2ab16a0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in @eagleview/ev-mapviewer-interactions (npm)
Package is malware. It exfiltrates sensitive info, executes arbitrary code during install, and matches multiple YARA rules. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2d7da79dc7cea55b1c51c17952322ec30f3d03000a7b075252e9f74084a7a06 The package...
Malicious code in pytelegramapi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d50aff9e36f41642610a858c0117318ed7483aad0e4f517a1485ca2d66574c2a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191939 Malicious code in xx-ent-wiki-sm (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5ebf0745c51c955dbe898efb0f6b721f30dd75edc24b4ee234e8574cee3da9d3 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2025-191809 Malicious code in packed-w3shi (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 3d670904891ef361ef283e3f218f21b6e3758847277e8bccb0dbecd08b08971a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2024-12234 Malicious code in christmasmiraclemaker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 64f06a86dd5b916af92fc3adf5c1e5638df9eaa156a1bc122e4e647f2aae236e Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...
Malicious code in pitest115 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 eafda224bcd5572ef89818a64323563992432421a36cdec585dee3dc0a04469c Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...
Malicious code in oe-extract-idss (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2371553e5caae552a4c2fabb7f8d616fde924ba3f292bbc4073715251602efa8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2021-34527
A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...